address6 - 转换IPv4地址到IPv6地址

Converts a mac or ipv4 address to an ipv6 address (link local if no prefix is
given as 2nd option) or, when given an ipv6 address, prints the mac or ipv4
address. Prints all possible variations. Returns -1 on errors or the number of
variations found

Shows alive addresses in the segment. If you specify a remote router, the
packets are sent with a routing header prefixed by fragmentation
Options:
-i file check systems from input file
-o file write results to output file
-M enumerate hardware addresses (MAC) from input addresses (slow!)
-D enumerate DHCP address space from input addresses
-p send a ping packet for alive check (default)
-e dst,hop send an errornous packets: destination (default), hop-by-hop
-s port,port,.. TCP-SYN packet to ports for alive check
-a port,port,.. TCP-ACK packet to ports for alive check
-u port,port,.. UDP packet to ports for alive check
-d DNS resolve alive ipv6 addresses
-n number how often to send each packet (default: local 1, remote 2)
-W time time in ms to wait after sending a packet (default: 1)
-S slow mode, get best router for each remote target or when proxy-NA
-I srcip6 use the specified IPv6 address as source
-l use link-local address instead of global address
-v verbose (twice: detailed information, thrice: dumping all packets)
Target address on command line or in input file can include ranges in the form
of 2001:db8::1-fff or 2001:db8::1-2:0-ffff:0:0-ffff, etc.
Returns -1 on errors, 0 if a system was found alive or 1 if nothing was found.

denial6 - 执行各种拒绝服务攻击目标

root@kali:~# denial6
denial6 v2.3 (c) 2013 by van Hauser / THC <vh@thc.org> www.thc.org
Syntax: denial6 interface destination test-case-number
Performs various denial of service attacks on a target
If a system is vulnerable, it can crash or be under heavy load, so be careful!
If not test-case-number is supplied, the list of shown.

dnssecwalk - 执行念验证下载DNS区域的内容

Options:
-e ensure that the domain is present in found addresses, quit otherwise
-4 resolve found entries to IPv4 addresses
-6 resolve found entries to IPv6 addresses

Perform DNSSEC NSEC walking.

Example: dnssecwalk dns.test.com test.com

dos_mld.sh - 如果指定目标，多播地址将首先被丢弃

:~# dos_mld.sh
Syntax: /usr/bin/dos_mld.sh [-2] interface [target-link-local-address multicast-address]
If specified, the multicast address of the target will be dropped first.
All multicast traffic will cease after a while.
Specify -2 to use MLDv2.

exploit6 - 向目标执行Ipv6的各种CVE漏洞攻击

Performs exploits of various CVE known IPv6 vulnerabilities on the destination
Note that for exploitable overflows only 'AAA...' strings are used.
If a system is vulnerable, it will crash, so be careful!

Advertise ipv6 address on the network (with own mac if not specified),
sending it to the all-nodes multicast address if no target address is set.
Source ip addresss is the address advertised if not set.

Sending options:
-n count send how many packets (default: forever)
-w seconds wait time between the packets sent (default: 5)
Flag options:
-O do NOT set the override flag (default: on)
-r DO set the router flag (default: off)
-s DO set the solicitate flag (default: off)
ND Security evasion options (can be combined):
-H add a hop-by-hop header
-F add a one shot fragment header (can be specified multiple times)
-D add a large destination header which fragments the packet.

fake_dns6d - 伪造DNS服务器对同一IPv6地址的任何查找请求

Syntax: fake_dns6d interface ipv6-address [fake-ipv6-address [fake-mac]]
Fake DNS server that serves the same ipv6 address to any lookup request
You can use this together with parasite6 if clients have a fixed DNS server
Note: very simple server. Does not honor multiple queries in a packet, norNS, MX, etc. lookups.

This uses the MLDv2 protocol. Only a subset of what the protocol is able to
do is possible to implement via a command line. Code it if you need something.
Ad(d)vertise or delete yourself - or anyone you want - in a multicast group of your choice
Query ask on the network who is listening to multicast addresses
Use -l to loop and send (in 5s intervals) until Control-C is pressed.

Ad(d)vertise or delete yourself - or anyone you want - in a multicast group of your choice
Query ask on the network who is listening to multicast addresses
Use -l to loop and send (in 5s intervals) until Control-C is pressed.

The hello command takes optionally the DR priority (default: 0).
The join and prune commands need the multicast group to modify, the target
address that joins or leavs and the neighbor PIM router
Use -s to spoof the source ip6, -d to send to another address than ff02::d,
and -t to set a different TTL (default: 1)

Announce yourself as a router and try to become the default router.
If a non-existing link-local or mac address is supplied, this results in a DOS.
Option -H adds hop-by-hop, -F fragmentation header and -D dst header.

flood_dhcpc6 - 泛洪DHCP客户端

DHCP client flooder. Use to deplete the IP address pool a DHCP6 server is
offering. Note: if the pool is very large, this is rather senseless. :-)

By default the link-local IP MAC address is random, however this won't work
in some circumstances. -n will use the real MAC, -N the real MAC and
link-local address. -1 will only solicate an address but not request it.
If -N is not used, you should run parasite6 in parallel.
Use -d to force DNS updates, you can specify a domain name on the commandline.

flood_router26 - 泛洪本地网络与路由器的公告

Flood the local network with router advertisements.
Each packet contains 17 prefix and route enries
-F/-D/-H add fragment/destination/hopbyhop header to bypass RA guard security.
-R does only send routing entries, no prefix information.
-P does only send prefix information, no routing entries.
-A is like -P but implements an attack by George Kargiotakis to disable privacy extensions
The option -s uses small lifetimes, resulting in a more devasting impact

implementation6 - 执行一些IPv6的检查

Options:
-s sourceip6 use the specified source IPv6 address
-p do not perform an alive check at the beginning and end
Performs some ipv6 implementation checks, can be used to test some
firewall features too. Takes approx. 2 minutes to complete.

inject_alive6 - 回答在PPPoE和6in4隧道技术隧道的存活请求

This tool answers to keep-alive requests on PPPoE and 6in4 tunnels; for PPPoE
it also sends keep-alive requests.
Note that the appropriate environment variable THC_IPV6_{PPPOE|6IN4} must be set
Option -a will actively send alive requests every 15 seconds.
Option -p will not send replies to alive requests.

kill_router6 - 通告目标路由器从路由表中删除路由，

Announce that a target a router going down to delete it from the routing tables.
If you supply a '*' as router-address, this tool will sniff the network for any
RA packet and immediately send the kill packet.
Option -H adds hop-by-hop, -F fragmentation header and -D dst header.

parasite6 - 这是一种对IPv6的“ARP欺骗者”

This is an "ARP spoofer" for IPv6, redirecting all local traffic to your own
system (or nirvana if fake-mac does not exist) by answering falsely to
Neighbor Solitication requests
Option -l loops and resends the packets per target every 5 seconds.
Option -R will also try to inject the destination of the solicitation
NS security bypass: -F fragment, -H hop-by-hop and -D large destination header

passive_discovery6 - 被动嗅探所有客户端的IPv6的网络地址和转储

Options:
-D do also dump destination addresses (does not work with -m)
-s do only print the addresses, no other output
-m maxhop the maximum number of hops a target which is dumped may be away.
0 means local only, the maximum amount to make sense is usually 5
-R prefix exchange the defined prefix with the link local prefix

Passively sniffs the network and dump all client's IPv6 addresses detected.
Note that in a switched environment you get better results when additionally
starting parasite6, however this will impact the network.
If a script name is specified after the interface, it is called with the
detected ipv6 address as first and the interface as second option.

redir6 - 嵌入路由到受害者的IP，所有流量重定向到目标IP

Implant a route into victim-ip, which redirects all traffic to target-ip to
new-ip. You must know the router which would handle the route.
If the new-router-mac does not exist, this results in a DOS.
If the TTL of the target is not 64, then specify this is the last option.

redirsniff6 - 嵌入路由到受害者的IP，所有流量重定向到目标IP

Implant a route into victim-ip, which redirects all traffic to destination-ip to
new-router. This is done on all traffic that flows by that matches
victim->target. You must know the router which would handle the route.
If the new-router/-mac does not exist, this results in a DOS.
You can supply a wildcard ('*') for victim-ip and/or destination-ip.